ACK: [SRU][Mantic][Jammy][PATCH 0/1] CVE-2024-1085
Manuel Diewald
manuel.diewald at canonical.com
Thu Feb 22 08:38:26 UTC 2024
On Wed, Feb 21, 2024 at 01:07:47PM -0600, Bethany Jamison wrote:
> [Impact]
>
> A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables
> component can be exploited to achieve local privilege escalation.
> The nft_setelem_catchall_deactivate() function checks whether the catch-all
> set element is active in the current generation instead of the next
> generation before freeing it, but only flags it inactive in the next
> generation, making it possible to free the element multiple times, leading
> to a double free vulnerability.
>
> [Fix]
>
> Mantic: Clean cherry-pick.
> Jammy: Mantic patch applied cleanly.
>
> [Test Case]
>
> Compile and boot tested.
>
> [Regression Potential]
>
> Issues could occur when using netfilter tables when freeing up memory.
>
> Pablo Neira Ayuso (1):
> netfilter: nf_tables: check if catch-all set element is active in next
> generation
>
> net/netfilter/nf_tables_api.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> --
> 2.34.1
>
>
> --
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team
Acked-by: Manuel Diewald <manuel.diewald at canonical.com>
--
Manuel
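
An added example, not part of the original thread and not the kernel's code: a simplified C model of the generation check described in the quoted [Impact] section, comparing a check against the current generation with a check against the next generation. The struct, the function names and the scenario of repeated deactivation requests before the generation advances are assumptions made for illustration.

```c
#include <stdio.h>

/* Simplified model (assumption, not kernel code): one bit per generation,
 * a set bit means "inactive in that generation". */
struct elem {
    unsigned int genmask;  /* inactive-in-generation bits */
    int release_count;     /* how many times a release was queued */
};

enum check_mode { CHECK_CURRENT, CHECK_NEXT };

static unsigned int gen_cur(int cursor)  { return 1u << cursor; }
static unsigned int gen_next(int cursor) { return 1u << !cursor; }

static int is_active(const struct elem *e, unsigned int genmask)
{
    return !(e->genmask & genmask);
}

/* Deactivate the element. Returns 1 if a release was queued, 0 if skipped. */
static int deactivate(struct elem *e, int cursor, enum check_mode mode)
{
    unsigned int checked = (mode == CHECK_CURRENT) ? gen_cur(cursor)
                                                   : gen_next(cursor);
    if (!is_active(e, checked))
        return 0;                    /* already deactivated: nothing to do */
    e->genmask |= gen_next(cursor);  /* flagged inactive in the next generation only */
    e->release_count++;              /* stands in for queuing the free */
    return 1;
}

/* Issue `requests` deactivations before the generation advances and
 * return how many releases were queued for the single element. */
static int releases_queued(enum check_mode mode, int requests)
{
    struct elem e = { 0, 0 };
    int cursor = 0;  /* the generation does not change during the loop */
    for (int i = 0; i < requests; i++)
        deactivate(&e, cursor, mode);
    return e.release_count;
}

int main(void)
{
    printf("check current generation: %d releases queued\n",
           releases_queued(CHECK_CURRENT, 2));
    printf("check next generation:    %d releases queued\n",
           releases_queued(CHECK_NEXT, 2));
    return 0;
}
```

In the model, the flag written by the first deactivation is invisible to a check against the current generation, so every repeat request queues another release; checking the next generation sees the flag and stops after one.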